Loading...

Euler Finance gives an important update to users on the $197m hack

Euler Finance gives an essential update to users on the $197m hack

Contents

Share link:

TL;DR

  • The team has assured that it will continue to work with security groups to ensure the protocol’s safety going forward.
  • Sherlock highlighted a major factor contributing to the exploit: the lack of a health check in “donateToReserves,” a new function added with EIP-14.

On March 13, DeFi lending protocol Euler Finance suffered a massive flash loan attack, making it the largest crypto hack of 2023 so far. The incident resulted in the loss of approximately $197 million and impacted over 11 other DeFi protocols. In response, Euler announced on March 14 that they had disabled their vulnerable etoken module and donation function to prevent further deposits.

Furthermore, the Euler Finance team stated to its users that the vulnerability was not detected in the initial audit conducted by various security groups. The team has assured that it will continue to work with security groups to ensure the protocol’s safety going forward.

For eight months, the vulnerability existed on-chain despite a $1 million bug bounty. Unfortunately, it was eventually exploited by an unknown party.

Sherlock, an audit group that had previously worked with Euler Finance, conducted a thorough investigation and identified the root cause of the exploit. After submitting the claim to the audit protocol and receiving approval, they executed a payout of $3.3 million on March 14. In their analysis report, Sherlock highlighted a major factor contributing to the exploit: the lack of a health check in “donateToReserves,” a new function added with EIP-14. They noted that the attack could still have been technically possible without EIP-14.

In July 2022, WatchPug conducted an Euler audit for Sherlock; however, the audit missed a critical vulnerability, eventually resulting in an exploit in March 2023.


Euler has taken steps to investigate and recover the funds that have been stolen, reaching out to leading on-chain analytic and blockchain security firms such as TRM Labs, Chainalysis, and the ETH security community. Additionally, they are attempting to contact those responsible for the attack to learn more about the issue and discuss possibly negotiating a bounty to recover the stolen funds.

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decision.

Share link:

Damilola Lawrence

Damilola is a crypto enthusiast, content writer, and journalist. When he is not writing, he spends most of his time reading and keeping tabs on exciting projects in the blockchain space. He also studies the ramifications of Web3 and blockchain development to have a stake in the future economy.

Most read

Loading Most Read articles...

Stay on top of crypto news, get daily updates in your inbox

Related News

Cred
Cryptopolitan
Subscribe to CryptoPolitan